Monday, 31 October 2011

We see a variety of attack vectors at work when it comes to inbound e-mail.

One cannot discount the social engineering aspect that the bad guys utilize to get someone to click on a link. This type of vector can only be exercised out of users by extensive training: “Don’t click on any unknown links!”

Here are some thoughts on why having an external Cloud based service sanitize e-mail _before_ it gets to the edge device:

If the in-house server is down for whatever reason folks can keep working with their e-mail.

Outbound e-mail can be encrypted end-to-end.

From in-house Exchange via TLS to ExchangeDefender.

[Encrypt] tag in the Subject means that the recipient will need to click on a link that takes them to the ExchangeDefender Encryption site to log on (password and PIN would be set up if the first time).

Yes, we have seen some issues with the service in the years since we signed up and started reselling their services. But, on the grand scale of things their service and support team have been second to none on communicating with us whenever we have had a question or there was indeed a problem.

After the last NOC based outage in Dallas the OWN team committed to restructuring their redundancy between LA and Dallas to allow for a failover to happen if one of the NOCs experienced some form of outage. So far they have been following through on their commitment to implement these changes.

NEW BLOG LOCATION

SUBSCRIBE

ABOUT

Our primary IT vertical is accounting firms since 1998. From accounting app support through to highly available solutions for accounting firms we've got it covered. I'm a Microsoft MVP since 2009. First on SBS and then starting in 2014 on Cluster.